SQL Injection Vulnerability in Oracle Application Server
CVE-2008-2589

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server; Oracle Portal Component
Vendor: CVE Published:; 15 July 2008

Summary

An unspecified SQL injection vulnerability exists in the Oracle Portal component of multiple versions of Oracle Application Server. This flaw may allow remote attackers to execute arbitrary SQL and PL/SQL commands by manipulating the second argument of the SHOW procedure within the WWV_RENDER_REPORT package. Such exploitation poses significant risk, as the impact and specific attack vectors remain unknown, highlighting the necessity for prompt remediation.

References

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/2115

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/494410/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jul 15, 2008
Vulnerability Reserved
Jun 9, 2008